VID |
23203 |
Severity |
20 |
Port |
80, ... |
Protocol |
TCP |
Class |
Daemon |
Detailed Description |
Based on its version number, the remote Adobe Connect Enterprise Server is affected by an information disclosure vulnerability. Adobe Connect Enterprise Server 6 versions prior to SP3 could allow a remote attacker to bypass security restrictions because of insufficient validation on administrator-only pages. An attacker could exploit this vulnerability to view administrator-only pages and obtain sensitive information.
* Note: This check relies solely on the version number of the remote Adobe Connect Enterprise Server to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.adobe.com/support/security/bulletins/apsb07-14.html
  http://securitytracker.com/alerts/2007/Sep/1018682.html
  http://www.frsirt.com/english/advisories/2007/3131
  http://secunia.com/advisories/26770
* Platforms Affected:
  Adobe Connect Enterprise Server versions 6 prior to SP3
  Microsoft Windows Any version |
Recommendation |
Upgrade to Adobe Connect 6 Service Pack 3 or apply the patch for Adobe Connect 6 Service Pack 2, as listed in Adobe Security bulletin APSB07-14 at http://www.adobe.com/support/security/bulletins/apsb07-14.html |
Related URL |
CVE-2007-4651 (CVE) |
Related URL |
25640 (SecurityFocus) |
Related URL |
36573 (ISS) |
|